Question

Cannot login with SSH USERNAME@IPADDRESS, receive "Permission denied (publickey)" despite root user working

So the issue is that I can login to my server just fine using:

ssh root@SERVER_IP_ADRESS

But when I try to login with a user I created from root:

ssh USERNAME@SERVER_IP_ADRESS

I get:

Permission denied (publickey).

The steps I went through before this.

  1. SSH generated a key
  2. Created an Ubuntu 16.04 droplet with given SSH key.
  3. SSH into server with root
  4. $ adduser user_name
  5. usermod -aG sudo user_name

At this point I switch into my newly created user and can see that it’s created and that the user has been added to sudo group with:

id -Gn

it displays “user_name sudo”

I’ve verified that the public key is in ~/.ssh/authorized_keys of both my root and user directory.

I’ll “exit exit” out of user and server. And attempt to ssh with user to no success.

Even attempting:

ssh -i PRIVATE_KEY USER_NAME@SERVER_IP_ADDRESS

results in the same “Permission denied (publickey).”

I tried to use the ssh -v command to see what may be different between root and user.

ssh -i PRIVATE_KEY USER_NAME@SERVER_IP_ADDRESS -v

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 165.227.83.215 [165.227.83.215] port 22.
debug1: Connection established.
debug1: identity file test-key-fem type 1
debug1: key_load_public: No such file or directory
debug1: identity file test-key-fem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 165.227.83.215:22 as 'kevin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:HSPEtljdgqP4d9ZmZKSYGW9iyBfhclnWAKrbnYQam9Y
debug1: Host '165.227.83.215' is known and matches the ECDSA host key.
debug1: Found key in /Users/klufkin/.ssh/known_hosts:9
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: test-key-fem
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
ssh -i PRIVATE_KEY ROOT@SERVER_IP_ADDRESS -v

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 165.227.83.215 [165.227.83.215] port 22.
debug1: Connection established.
debug1: identity file test-key-fem type 1
debug1: key_load_public: No such file or directory
debug1: identity file test-key-fem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 165.227.83.215:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:HSPEtljdgqP4d9ZmZKSYGW9iyBfhclnWAKrbnYQam9Y
debug1: Host '165.227.83.215' is known and matches the ECDSA host key.
debug1: Found key in /Users/klufkin/.ssh/known_hosts:9
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: test-key-fem
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 165.227.83.215 ([165.227.83.215]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-119-generic x86_64)

The main difference I see is that when I ssh with root user I’m getting this line:

debug1: Server accepts key: pkalg ssh-rsa blen 279

I’m running this all on my Mac OSX. And have no config file in my /.ssh directory on my computer.

Please let me know if there is something I am missing or if you need more information to help me. This is all fairly new to me so it’s not super clear as to how to triage this issue.


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

So I found a working answer to my problem. Based off of this thread

If I want to add a user with whom I wish to SSH login with I can run these set of commands:

adduser user (adds a new user)
gpasswd -a user sudo (gives user sudo group permissions)
mkdir /home/user/.ssh (makes a ssh directory in user directory)
cp -Rfv /root/.ssh /home/user/ (Copies key auth file from root to user)
chown -Rfv user:user /home/user/.ssh (set ssh folder/file permissions to user)

after running these commands I can login using:

ssh user@server_ip_address

Thank you @ryanpq and @fishy for pointing me in the right direction! Ended up having to level up my knowledge of file permissions.

Try:

chown user:user .ssh/authorized_keys
chmod 0600 .ssh/authorized_keys
Ryan Quinn
DigitalOcean Employee
DigitalOcean Employee badge
April 13, 2018

It sounds like you covered the required steps. When you copied your public key to the authorized_keys file on the server did you ensure that it is still owned by the new user and not root? If it is owned by root, permissions may not allow it to be used for a normal user to log in.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel